On Sunday, 12 February 2006 14:32, Dave Feustel wrote:
> Brian Hatch addressed exploits in parts 1 and 2



No, he doesn't. Everything there assumes that the user is already
root by some means.

At the start of each set of instructions the user becomes root as the first step:

Part 1: "After logging in and becoming root (I'll need that later),
let's set my DISPLAY variable."
Part 2: "First, log into the victim's desktop, become root, and set up your
environment to access his X11 server"


No mention of how he achieves that. *That* would describe an exploit
(which is defined as using some vulnerability to gain higher privileges).
But there's nothing there that qualifies as such.



> and ssh forwarding issues in part 3.


And here we've agreed that X11 forwarding is to be handled with care.
It still requires the attacker to be able to read the .Xauthority
file which means being root or the user on the remote system
(this is true on any *sane* system, see below).



> Your X11 security depends upon no one
> except the owner having even read access to your .Xauthority file.


No one disagreed with that in this whole thread.
I take it for granted that distros create this file with 600 privileges.
Mine sure does. Failure to do so would be a security hole that deserved
reporting against the distro / OS.


Christian.
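
The permission condition discussed in the message above can be checked with a short script. This is an added example, not part of the original message; the function name `check_xauthority` and its return codes are hypothetical choices made for illustration.

```shell
#!/bin/sh
# Added example: audit an X authority file for the condition discussed above,
# i.e. that nobody except the owner has any access to it (mode 600).
#
# check_xauthority [FILE]
#   returns 0  only the owner has access
#   returns 1  group or other permission bits are set
#   returns 2  file is missing, a symlink, or not a regular file
check_xauthority() {
    # X clients read the file named by $XAUTHORITY, else ~/.Xauthority.
    f=${1:-${XAUTHORITY:-$HOME/.Xauthority}}

    # Refuse symlinks and non-regular files: the mode shown for a link
    # says nothing about the file that actually holds the cookie.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "SKIP  $f: missing, a symlink, or not a regular file"
        return 2
    fi

    # ls -ld prints a mode string such as "-rw-------". Characters 5-10
    # are the group and other bits. An eleventh character ("+" or ".")
    # marks ACLs or a security context, which this check does not inspect.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    group_other=$(printf '%s' "$mode" | cut -c5-10)

    if [ "$group_other" = "------" ]; then
        echo "OK    $f ($mode)"
        return 0
    fi

    echo "FAIL  $f ($mode): group/other access present, fix with: chmod 600 $f"
    return 1
}
```

Source the file and call `check_xauthority` with no argument to audit your own session's file, or pass a path to audit another one.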

